VelocIQ · Privacy Notice


VelocIQ

VelocIQ LLC · Houston, Texas

Privacy Notice

Effective Date: July 7, 2026

This Privacy Notice describes how VelocIQ LLC collects, uses, stores, and protects information in connection with the VelocIQ platform. It is addressed to the business entities and individuals who use or are subject to the VelocIQ platform.


1. Who We Are

VelocIQ LLC is a B2B organizational intelligence company based in Houston, Texas. VelocIQ is not a data broker. It is not a consumer product. VelocIQ processes organizational communications data on behalf of the businesses that contract for its services, for the sole purpose of generating intelligence output for those businesses' internal use.

For questions about this Notice or VelocIQ's data practices, contact us at admin@velociq.ai.



2. What Data We Process

2.1 Communications Data

VelocIQ processes the following categories of data from the Microsoft 365 environment of its client organizations, pursuant to explicit written authorization from the client:

Email messages: sender, recipients, subject, body, timestamps, attachments metadata

Microsoft Teams messages: message content, sender, recipients, timestamps

Calendar data: meeting titles, participants, dates, times, and meeting metadata

Contact data: names, email addresses, and organizational relationships derived from the above

VelocIQ does not access personal consumer accounts. All access is limited to the client's business Microsoft 365 tenant and the specific data categories authorized in the client's data access agreement.

2.2 Account and Usage Data

VelocIQ collects information necessary to operate the platform, including: authorized user email addresses, login events, feature usage patterns, and error logs. This data is used solely for platform operation, security, and improvement.

2.3 Data We Do Not Collect

VelocIQ does not collect: payment card numbers (handled by payment processors); health or medical information; government identification numbers; data from personal devices or personal email accounts not part of the client's Microsoft 365 tenant; or data from minors.



3. How We Use Data

3.1 Permitted Purposes

VelocIQ uses Communications Data solely for the following purposes:

Ingesting, normalizing, and storing communications data in the VelocIQ multi-tenant database on the client's behalf

Running signal detection, relationship health scoring, and briefing generation algorithms against the client's data

Generating intelligence outputs — briefings, scores, signals — for display to the client's authorized users

Calibrating signal detection thresholds and scoring parameters based on client feedback

Operating, maintaining, securing, and improving the platform

Complying with applicable law

3.2 AI Processing

VelocIQ uses large language model APIs (currently Anthropic Claude) to extract structured intelligence from communications data. Communications data is transmitted to the Anthropic API for this purpose pursuant to Anthropic's data processing terms. VelocIQ does not permit AI providers to use client data to train general-purpose models.

3.3 Aggregate and Anonymized Data

VelocIQ may use aggregate and anonymized patterns derived from client data for internal benchmarking, signal calibration, and platform improvement. Aggregate data cannot be used to identify any individual or any specific client organization.

3.4 No Sale of Data

VelocIQ does not sell, rent, or otherwise transfer client Communications Data or identifiable intelligence outputs to any third party for commercial purposes. This prohibition is absolute.



4. Data Storage and Security

4.1 Storage Infrastructure

Communications Data is stored in Microsoft Azure infrastructure located in the United States (West US 3 region). Raw communications are stored in Azure Blob Storage. Extracted intelligence signals and scores are stored in Azure PostgreSQL. All storage is within a per-tenant isolated container.

4.2 Security Controls

VelocIQ maintains the following minimum security controls:

AES-256 encryption at rest in a per-tenant dedicated storage container

TLS 1.2 or higher encryption for all data in transit

OAuth 2.0 authentication for Microsoft 365 access — no client credentials stored by VelocIQ

All access tokens and credentials stored exclusively in Azure Key Vault

Access limited to authorized VelocIQ personnel and contractors on a need-to-know basis

Multi-factor authentication required for all personnel with system access

4.3 Contractor Access

VelocIQ contractors who require access to client data are subject to written non-disclosure and data handling agreements that impose confidentiality, security, and use restrictions at least as protective as those in this Notice and in the client's service agreement. Contractors are granted the minimum access necessary for the specific task authorized in writing.

4.4 Breach Notification

In the event of a confirmed security breach that affects client Communications Data, VelocIQ will notify affected clients in writing as promptly as practicable and in no event later than required by applicable law.



5. Data Retention and Deletion

5.1 Retention Period

VelocIQ retains Communications Data and Intelligence Output for the duration of the client's service agreement plus a ninety (90) day period following termination to allow for transition and export. After that period, identifiable data is deleted unless the client has made a written request for earlier deletion.

5.2 Deletion on Request

A client may request deletion of its identifiable Communications Data and Intelligence Output at any time by written notice to admin@velociq.ai. VelocIQ will complete deletion within thirty (30) days and will provide written confirmation. Aggregate and anonymized data derived from client data may be retained as part of the platform's general calibration corpus.

5.3 Backup Data

Data stored in routine system backups is deleted in the ordinary course of VelocIQ's backup rotation schedule, which does not exceed ninety (90) days.



6. Employee Data and Workplace Monitoring

The VelocIQ platform processes internal communications of client organizations, which may include messages and emails sent or received by the client's employees. VelocIQ provides the intelligence tooling. The client organization is the employer and is solely responsible for:

Ensuring its use of the platform complies with applicable federal, state, and local workplace monitoring and electronic communications laws

Providing employees with adequate notice of communications monitoring

Obtaining any required employee consents

Employee data processed by VelocIQ is used solely to generate intelligence for the employer-client. VelocIQ does not provide employee data to any person other than the client's authorized users. Individual employee intelligence is not sold, shared, or disclosed to any third party.



7. Third-Party Services

VelocIQ relies on the following categories of third-party service providers to deliver the platform:

Microsoft Azure: cloud infrastructure, storage, and Key Vault credential management

Anthropic: large language model API for signal extraction and intelligence generation

Microsoft Graph API: Microsoft 365 data access

Each provider is subject to its own privacy terms. VelocIQ selects providers that maintain appropriate security and confidentiality standards. VelocIQ does not share client data with advertising networks, data brokers, or analytics services.



8. Rights and Requests

8.1 Client Rights

As a client organization, you have the right to: request a description of the Communications Data categories VelocIQ holds for your tenant; request deletion of your data pursuant to Section 5.2; revoke VelocIQ's access to your Microsoft 365 tenant at any time through the Microsoft Entra admin center; and receive written confirmation of deletion.

8.2 Individual Rights

Employees or other individuals whose data may be processed as part of a client organization's Communications Data should direct rights requests to their employer (the VelocIQ client). VelocIQ will cooperate with clients in responding to such requests consistent with the client's data access agreement.

8.3 Legal Process

If VelocIQ is required by valid legal process to disclose client data, VelocIQ will provide the client with prompt written notice before any disclosure to the extent permitted by law, and will cooperate with the client's efforts to seek a protective order or other relief.



9. Cookies and Website Data

The VelocIQ web application uses session authentication cookies necessary for platform operation. VelocIQ does not use advertising cookies, tracking pixels, or third-party analytics services on authenticated platform pages. The VelocIQ marketing website (velociq.ai) may use limited analytics to measure traffic and improve the site. VelocIQ does not sell website visitor data.



10. Changes to This Notice

VelocIQ may update this Privacy Notice to reflect changes in its data practices, applicable law, or platform functionality. Material changes will be communicated to active clients by email at least thirty (30) days before the effective date. The current version of this Notice is always available at velociq.ai and upon request from admin@velociq.ai.



11. Contact

For questions about this Privacy Notice or VelocIQ's data practices:

VelocIQ LLC

Houston, Texas

admin@velociq.ai

We will respond to written inquiries within ten (10) business days.



Page 5 · VelocIQ LLC · admin@velociq.ai